In 60 Days – ICND2 Configuring Access Lists
Standard IP ACLs
• Source network or
• Source host IP

Source: 172.16.1.1   Destination: 192.168.1.1   Port 80

Router(config)#access-list 1 permit host 172.16.1.1
Router(config)#access-list 1 permit host 192.168.1.1
Router(config)#access-list 1 permit 10.1.0.0 0.0.255.255
[implicit deny all]
Extended ACLs
• Source/destination address
• Source/destination port
• Protocols
• Services (e.g. ICMP)

Syntax:
access-list <100-199> permit|deny <service> <from> <to> [eq <port>]

access-list 100 permit tcp 10.1.0.0 0.0.255.255 host 172.30.1.1 eq ftp
access-list 100 permit icmp any any
access-list 100 permit tcp host 172.16.1.1 host 172.20.1.1 eq smtp
access-list 100 permit tcp host 192.168.1.1 host 172.30.1.1 eq www

access-list 101 deny icmp any 172.20.0.0 0.0.255.255
access-list 101 deny tcp 10.1.0.0 0.0.255.255 host 172.30.1.1 eq telnet

access-list 102 permit tcp any host 172.30.1.1 eq ftp established
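To make the standard and extended slides above concrete, here is an added example (constructed for this page, not Cisco IOS code or the course author's material) that parses the numbered access lists shown on the slides and evaluates packets against them the way the router does: Cisco wildcard-mask matching, top-down first match, and the implicit deny at the end of every list. The Packet class, the port-keyword table and the "established" handling (match only when ACK or RST is set) are assumptions of this example; source-port matching and UDP port keywords are deliberately not modelled.

```python
"""Constructed example (not Cisco IOS code): evaluates the slides' numbered
standard and extended ACLs with wildcard masks, first match, implicit deny."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

PORT_NAMES = {"telnet": 23, "ftp": 21, "smtp": 25, "www": 80}  # keywords used on the slides
ANY = ("0.0.0.0", "255.255.255.255")  # "any" == base 0.0.0.0 with an all-ones wildcard


@dataclass
class Packet:            # assumed packet model: only the fields an ACL can match on
    src: str
    dst: str
    proto: str = "ip"            # "tcp", "udp", "icmp" or "ip"
    dport: Optional[int] = None  # destination port for tcp/udp
    established: bool = False    # True when the TCP ACK or RST flag is set


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: a 0 bit in the wildcard must match, a 1 bit is ignored."""
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)


def _take_addr(tokens: list) -> tuple:
    """Consume 'any', 'host X' or 'X WILDCARD' from the front of the token list."""
    t = tokens.pop(0)
    if t == "any":
        return ANY
    if t == "host":
        return tokens.pop(0), "0.0.0.0"
    return t, tokens.pop(0)


def parse_entry(line: str) -> dict:
    """Parse one 'access-list N permit|deny ...' line into a match dictionary."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "access-list" or tokens[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported line: {line}")
    number, rest = int(tokens[1]), tokens[3:]
    entry = {"action": tokens[2], "line": line, "proto": "ip", "dst": ANY,
             "port": None, "established": False}
    if number <= 99 or 1300 <= number <= 1999:   # standard ACL: matches the source only
        entry["src"] = _take_addr(rest)
        return entry
    entry["proto"] = rest.pop(0)                  # extended ACL: protocol, source, destination
    entry["src"] = _take_addr(rest)
    if rest and rest[0] == "eq":
        raise ValueError("source-port matching is not modelled in this example")
    entry["dst"] = _take_addr(rest)
    while rest:                                   # optional qualifiers after the destination
        t = rest.pop(0)
        if t == "eq":
            p = rest.pop(0)
            port = int(p) if p.isdigit() else PORT_NAMES.get(p)
            if port is None:
                raise ValueError(f"unknown port keyword {p!r}")
            entry["port"] = port
        elif t == "established":
            entry["established"] = True
        else:
            raise ValueError(f"unsupported keyword {t!r} in: {line}")
    return entry


def build_acl(lines: list) -> list:
    return [parse_entry(line) for line in lines]


def evaluate(acl: list, pkt: Packet) -> tuple:
    """Return (action, matched line); no match falls through to the implicit deny."""
    for e in acl:
        if e["proto"] != "ip" and e["proto"] != pkt.proto:
            continue
        if not wildcard_match(pkt.src, *e["src"]) or not wildcard_match(pkt.dst, *e["dst"]):
            continue
        if e["port"] is not None and pkt.dport != e["port"]:
            continue
        if e["established"] and not pkt.established:
            continue
        return e["action"], e["line"]
    return "deny", "implicit deny at end of list"


# The access lists from the slides, verbatim.
ACL_1 = build_acl([
    "access-list 1 permit host 172.16.1.1",
    "access-list 1 permit host 192.168.1.1",
    "access-list 1 permit 10.1.0.0 0.0.255.255",
])
ACL_100 = build_acl([
    "access-list 100 permit tcp 10.1.0.0 0.0.255.255 host 172.30.1.1 eq ftp",
    "access-list 100 permit icmp any any",
    "access-list 100 permit tcp host 172.16.1.1 host 172.20.1.1 eq smtp",
    "access-list 100 permit tcp host 192.168.1.1 host 172.30.1.1 eq www",
])
ACL_101 = build_acl([
    "access-list 101 deny icmp any 172.20.0.0 0.0.255.255",
    "access-list 101 deny tcp 10.1.0.0 0.0.255.255 host 172.30.1.1 eq telnet",
])
ACL_102 = build_acl(["access-list 102 permit tcp any host 172.30.1.1 eq ftp established"])
```

Running `evaluate(ACL_1, Packet("172.16.1.1", "192.168.1.1", "tcp", 80))` returns permit on the first line, and so does a packet *from* 192.168.1.1 to anywhere, because a standard list never looks at the destination or the port. ACL 101 contains only deny statements, so every packet it does not name is dropped by the implicit deny as well, a common cause of "the ACL blocks everything" tickets. With ACL 102 a fresh SYN to port 21 is denied while a segment carrying ACK or RST is permitted, which is what `established` buys you and also its limit: it inspects flags, not connection state.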
Named ACL
• Slightly different syntax
• Can edit (add/remove lines)

Router(config)#ip access-list extended BlockWEB
Router(config-ext-nacl)#deny tcp any any eq 80
Applying ACLs
• Apply to ports/interfaces (ip access-group) or VTY lines (access-class)

Router(config)#int fast 0/0
Router(config-if)#ip access-group 101 in
------
Router(config)#line vty 0 15
Router(config-line)#access-class 101 in
------
Router(config)#int fast 0/0
Router(config-if)#ip access-group BlockWEB in